Security IT

Botnet on Botnet Action 187

Dausha writes "The Tech Web news site reports a story about Botnet turf wars. Botnets have been around for a while, and are increasing in severity. The latest innovation finds Bots capturing and securing host computers from other bots. Security includes installing software patches, shutting down ports, etc."
This discussion has been archived. No new comments can be posted.

  • by Billosaur ( 927319 ) * <wgrother AT optonline DOT net> on Friday April 20, 2007 @09:07AM (#18811159) Journal

    Never let CmdrTaco come up with headlines after a night of watching girl-girl porn... the images created are... disturbing...

    • by TheMeuge ( 645043 ) on Friday April 20, 2007 @09:08AM (#18811169)
      How do you think he came up with his username?
    • Re: (Score:3, Informative)

      by JamesTRexx ( 675890 )
      You were thinking of a clusterfuck too?
    • Re:Note to Editors (Score:5, Insightful)

      by thestudio_bob ( 894258 ) on Friday April 20, 2007 @09:34AM (#18811443)
      Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Google, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.
      • Re:Note to Editors (Score:4, Insightful)

        by AndersOSU ( 873247 ) on Friday April 20, 2007 @09:44AM (#18811557)
        because it is self defeating. If you clean up a computer, you no longer have access to a computer that would clean up other computers.
        • Re:Note to Editors (Score:4, Informative)

          by It'sYerMam ( 762418 ) <thefishface@gmaGINSBERGil.com minus poet> on Friday April 20, 2007 @10:45AM (#18812389) Homepage
          Hmm, I don't think this has been thought through properly. (regardless of the insightful mod) Just because you've patched up the security hole on the host computer doesn't mean you can't still send stuff out. And of course, it's less than trivial to build in a time delay before the bot patches security holes and terminates itself, during which time it infects as many PCs as it can - so if, by some mechanism, the way you got in is related to the way you're sending yourself out, it would still work.
        • That makes no sense. A bot is just code. You can secure a computer from outside infection and still run programs on it that access the internet. You can even have secure access to it remotely.

          As for companies doing it through a botnet, why would they want a lawsuit? As for doing it through their services, several companies do offer protection tools like antivirus, firewall, etc. already.
      • Re:Note to Editors (Score:5, Interesting)

        by qwijibo ( 101731 ) on Friday April 20, 2007 @09:56AM (#18811723)
        Because good has to be much more diligent, and that is orders of magnitude harder.

        When you're working for evil, you don't have to worry about collateral damage. If you cause one system out of 100 to stop working completely, or just have some incompatibility that makes it less useful to the user, you don't care. If they didn't want to be infected, they'd have better security. Propagating evil viruses, trojans and worms is easy because you can be careless and expect the rest of the world to reboot if you have a bug.

        This is also why large organizations have people to test that patches don't break the necessary functionality in their supported applications. If something breaks, they have to support it, so they make sure it's not going to come back to bite them. This takes a fair amount of time, people, and all of the supported configurations to ensure that things are safe. It's a real pain in the neck (or other body part) to do a good job at this.

        The most secure machine is one that is turned off, unplugged and locked in a room that has an armed security guard with standing orders to shoot everyone. That's not the computer usage model that any of the companies listed want to encourage. They want the user to be insecure to different degrees.
        • Re:Note to Editors (Score:4, Insightful)

          by Chosen Reject ( 842143 ) on Friday April 20, 2007 @10:09AM (#18811923)
          "And now we see that evil will always triumph, because good is dumb."
        • Re:Note to Editors (Score:5, Interesting)

          by plover ( 150551 ) * on Friday April 20, 2007 @11:01AM (#18812605) Homepage Journal
          I'm not so sure about this. Why does good have to be diligent and honest? Why can't this be done by vigilante groups who are not officially sanctioned, but nobody complains about them?

          The internet is still pretty much wide open, with no single governing body. A vigilante group could operate out of any number of less-than-cooperative countries. And this vigilante group does NOT have to be 100% good or careful. These zombies exist because their owners don't know or care enough to keep their machines safe, and now they're out attacking the rest of us. I have about zero tolerance for dangerously ignorant people or their hardware when it's threatening mine.

          In medical terms, these zombies would be defined as malignant cancerous cells, and botnets as tumors. And to carry the medical analogy further, the treatment is to kill the rogue cells. We don't contact them, and ask "hey, Mr. Cancerous cell, you're hurting the rest of us, would you please stop?" No, we use chemo and radiation and surgery and remove and destroy the tumors so they don't spread further.

          I really don't see why a vigilante group can't send out "good-faith" efforts to patch bad machines. If those machines die as a result of a bad patch, well, perhaps it's because they deserved to die. I certainly wouldn't complain if someone started actively dismantling these networks.

          • Re:Note to Editors (Score:5, Interesting)

            by karmatic ( 776420 ) on Friday April 20, 2007 @11:23AM (#18812887)

            I certainly wouldn't complain if someone started actively dismantling these networks.

            Some of us try.

            A while ago, I got a spam message, trying to infect me and connect me to a botnet - the software was a hacked up mIRC client with some DLL plugins. The client would automatically open a second connection, connect to a random network and channel, and proceed to spam people with virus messages on join. ("Type //some evil command to get op!, etc.")

            After talking to the admins, we banned the owners (only certain nicknames were allowed to control the bots), and replaced them with an eggdrop that had the infected people download and install an automatic cleaner. Thousands of infected computers were cleaned overnight, and hundreds more over the next few weeks. Is it possible that the cleaner broke a machine or two in the process? Possible, but unlikely (would be most likely due to a variant of the bot). Oh well - it made the IRC servers I used a lot more useful.
          • Re: (Score:3, Insightful)

            by qwijibo ( 101731 )
            Good has to be diligent and honest to be good. You can argue shades of gray, but that's just another way of saying degrees of evil.

            When you decide to be a vigilante group and dish out your style of justice for others' perceived sins, you are at best what Machiavelli describes astutely as "other than good."

            I'm a sysadmin, so if I were a juror and your "other than good" tactics landed you in court, I would not in good conscience be able to vote to convict you for trying to do something about these idiots. H
      • Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Google, AOL, Symantec or someone?

        That's exactly what turning on Automatic Updates + Firewall protection + Antivirus software automatic updates is. You can still get 0wned even if you have Automatic Updates turned on, but it's better than nothing. Automatic Updates + Sunbelt Kerio Personal Firewall + AVG Anti-Virus Free Edition + a couple of spyware scan/remove apps + runni

        • Re: (Score:3, Funny)

          by HAKdragon ( 193605 )
          You know, that's one of the things I really don't miss about running Windows...
        • Automatic Updates + Sunbelt Kerio Personal Firewall + AVG Anti-Virus Free Edition + a couple of spyware scan/remove apps + running Firefox instead of IE and being careful about what I click + hiding behind a NAT router keeps me pretty safe, for the most part.
          And uses what percentage of your clock ticks? 20, 30, 70?
          • When they're not running, they use damn close to zero.

            But, when they are running, they might use a certain amount... JUST LIKE A BOTNET! OMG! My analogy is flawless!
      • Re:Note to Editors (Score:5, Insightful)

        by bhmit1 ( 2270 ) on Friday April 20, 2007 @09:56AM (#18811731) Homepage

        Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Google, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.
        Because of liability and money. A large company won't do this because if they take control of your machine against your will through a security hole (and there's no other way they'd put a dent in the problem if people had to volunteer to have this installed) they are liable for any damage that does and open themselves up for trespassing lawsuits. Consider a patch that a company is not installing because it conflicts with business critical applications or because they are aware of an even bigger security hole it exposes.

        As for some hacker doing it, it's all about money, and maybe a little fame. Doing this puts you in a worse position than the airline ticket hacker. So anyone that exposes themselves to this kind of risk, does so for money. And right now, there's money to be made in cutting out the competition in terms of making your botnet bigger than theirs and less likely to be removed (users are less likely to notice just one bot).
      • Re:Note to Editors (Score:4, Informative)

        by HUADPE ( 903765 ) on Friday April 20, 2007 @10:10AM (#18811931) Homepage
        Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Google, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.

        It's illegal. Botnets constitute several levels of fraud in that they a. install software without your consent; b. steal your bandwidth to copy themselves; and c. then use your computer to commit some other crime.

        c. would not be done by a "good" botnet, but a. and b. would. Even if all the hijacks came from a commercial server set up for it, a. would be violated. If you think click-through EULAs are invalid...just imagine the invalid-ness of a botnet install.

        • by cdrguru ( 88047 )
          Yes, but ...

          So what? When was the last time you heard about some botnet master getting arrested and charged with 20,000 counts of computer misuse? Oh yeah, the one prosecution there was occurred because the guy bragged on some FBI IRC channel.

          These people are immune to prosecution. Let's say I have a 10,000 strong botnet and I am controlling it through my cable modem at home. You can't trace the botnet back to my cable modem, that's not how it works. You can't trace it through the IRC channel used for
      • Re: (Score:2, Informative)

        by ajs318 ( 655362 )
        Because regardless of your intentions, it would still run afoul of the Misuse of Computers Act 1990.
        • Hmm... I suppose that if an open source effort were orchestrated and hosted from a non-extradition country, such a botnet fleet could be designed and maintained without running afoul of this law. The idea still has a number of other problems, not least of which is that it's not clear how R&D would be funded. Botnets are evolving rapidly due to the influx of R&D money. The Anti-botnet won't benefit from revenue generated by stolen credit card numbers, data stolen and then sold to corporations and
      • Re: (Score:2, Funny)

        by DarkDaimon ( 966409 )
        I thought Windows was a botnet!
      • "Evil will always triumph over good because good is dumb."

        Microsoft already has this in place, it's called windows update, and it was a HUGE leap forward. For the rest it has to do with legality and profit motivation, i.e. it's not legal and they can't make money off of it. Symantec and Microsoft make their money selling aspirin to the headaches you're describing. Google and Yahoo would be WAY out of their realm of specialty. Personally, I wouldn't mind ISPs doing it, assuming it was very up-front about

      • A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches

        We fire-up the wayback machine and visit 2003:

        http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NACHI.A [trendmicro.com]

        Patch Download

        This worm is also designed to patch systems against the RPC DCOM Buffer Overflow. It first checks for the running Windows version and then downloads a patch from Microsoft. Note, however, that this worm does not have a mechanism which checks for the required service pack needed to install the patch. Thus, on systems where the required service packs are not installed, the downloaded patch is similarly left uninstalled.

      • by Glog ( 303500 )
        The moment MS, Yahoo, or Google introduce a "good" botnet they are basically offering a complete software package which hackers can reverse-engineer and twist for their own evil benefits.
    • Re: (Score:2, Funny)

      by jojoba_oil ( 1071932 )
      Couple that with a quote I pull directly from TFA:

      It's one incestuous ecosystem.
    • All I could think of when reading this headline was Buck Rogers in the 25th Century. Specifically the second season, when they introduced Twiki's robot girlfriend. You know, the one who said "bootybootybooty," instead of "bidibidibidi."
    • Reminds me of Philip K. Dick's "Second Variety," where the robots evolved first into killing their human masters, then into killing one another.
  • by smooth wombat ( 796938 ) on Friday April 20, 2007 @09:10AM (#18811191) Journal
    so little time.
  • Funny 404 (Score:4, Funny)

    by gblackwo ( 1087063 ) on Friday April 20, 2007 @09:12AM (#18811213) Homepage
    Got a good couple of 404 errors from slashdot on this page before anyone had commented, I thought the bots had a foothold.
  • that is some strange evolution going on. it seems that some of the porn spam bots have learned how to spam slashdot with story title submissions
  • by Mockylock ( 1087585 ) on Friday April 20, 2007 @09:14AM (#18811237) Homepage
    In a dark area of Brooklyn, servers have a standoff wearing their bandanas, willing to die for their turf.

    "We are better with patches", says GlobalBot international server.

    InterSearchBot united server sneers, "PATCHES!?... WE DON' NEED NO STINKING PATCHES!"
  • So Possibly... (Score:4, Insightful)

    by QBasicer ( 781745 ) on Friday April 20, 2007 @09:15AM (#18811249) Homepage Journal
    ...the botnet creators are trying to make their botnets more secure, and prevent other botnets from taking over the host? I'm not sure whether this is good or bad. The bad news is that it may be harder for them to detect and eliminate, but the good news is that it may keep down multiple infections?
    • by garcia ( 6573 )
      The bad news is that it may be harder for them to detect and eliminate, but the good news is that it may keep down multiple infections?

      Well you can certainly find their clients. They are the ones that are constantly hitting your web server with POST commands with no preceding GET, have strange referrers, or stupid browser identification (AmigaOS or C64, etc).

      I really wish that the residential cable ISPs would shut down these fucking connections faster. My ban list is nearly unmanageable now, if it continue
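
The three signals named in the comment above (a POST with no preceding GET, a strange referrer, an implausible browser identification), applied to access-log lines. This is an added example, not code from the thread or from Slashdot; it assumes Apache/nginx "combined" log format, a hypothetical site host `www.example.org`, reads "strange referrer" as an off-site Referer on a POST, and uses constructed sample log lines.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

SITE_HOST = "www.example.org"            # assumption: the host these logs belong to
ODD_AGENT_MARKERS = ("amigaos", "c64")   # the two identifications named in the comment

NO_GET = "POST with no preceding GET"
OFFSITE_REF = "POST with off-site referrer"
ODD_AGENT = "implausible user agent"

# Apache/nginx "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample input (documentation address ranges, invented requests).
SAMPLE_LOG = """\
198.51.100.7 - - [20/Apr/2007:09:01:02 -0500] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
198.51.100.7 - - [20/Apr/2007:09:02:40 -0500] "POST /blog/comment HTTP/1.1" 302 0 "http://www.example.org/blog/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
203.0.113.45 - - [20/Apr/2007:09:03:11 -0500] "POST /blog/comment HTTP/1.0" 200 312 "http://pills.invalid/buy" "Mozilla/4.0 (compatible; AmigaOS)"
203.0.113.99 - - [20/Apr/2007:09:03:12 -0500] "POST /guestbook HTTP/1.1" 200 88 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.10 - - [20/Apr/2007:09:04:00 -0500] "GET /index.html HTTP/1.0" 200 2048 "-" "C64 Browser/1.0"
this line is not in combined format
"""


def analyse(log_text):
    """Return ({ip: set of reasons}, number of unparseable lines).

    Lines are processed in file order, so "preceding GET" means a GET from
    the same address earlier in this log. A client whose GET landed in a
    rotated-out file, or several users behind one NAT address, will blur
    this signal, which is why callers should require more than one reason.
    """
    seen_get = set()
    findings = defaultdict(set)
    skipped = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1          # count rather than guess at malformed input
            continue
        ip, method = m["ip"], m["method"]

        agent = m["agent"].lower()
        if any(marker in agent for marker in ODD_AGENT_MARKERS):
            findings[ip].add(ODD_AGENT)

        if method == "GET":
            seen_get.add(ip)
        elif method == "POST":
            if ip not in seen_get:
                findings[ip].add(NO_GET)
            referer = m["referer"]
            if referer not in ("", "-"):
                # Assumption: a form POST on this site should come from this site.
                if urlparse(referer).hostname != SITE_HOST:
                    findings[ip].add(OFFSITE_REF)
    return dict(findings), skipped


def suspects(findings, min_signals=2):
    """Addresses with at least min_signals independent reasons, sorted."""
    return sorted(ip for ip, reasons in findings.items()
                  if len(reasons) >= min_signals)


if __name__ == "__main__":
    found, bad_lines = analyse(SAMPLE_LOG)
    for ip in suspects(found):
        print(ip, "->", ", ".join(sorted(found[ip])))
    print("unparseable lines:", bad_lines)
```
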
      • Re:So Possibly... (Score:5, Insightful)

        by plover ( 150551 ) * on Friday April 20, 2007 @09:29AM (#18811397) Homepage Journal
        I don't report zombies on Comcast addresses probing my home web server to Comcast because I'm afraid they'll just get all pissy about my running a web server. It's strictly a "personal use" server, and it doesn't see a megabyte of traffic a day, but you never know what's going to tweak the wrong person. I figure it's better to stay below the radar, keep the patches current, keep watching the logs and put up with the probes.
        • by garcia ( 6573 )
          I don't bother to report mine to Comcast either because they don't do anything about it above and beyond their automated system checks anyway. They get enough abuse@ contacts that they cannot be concerned with some idiot that is running an open proxy.

          Fortunately for me, I have a Visi DSL connection and they allow servers to be run without issue. Good thing too as I top 4.5 GB of transfer on average a month for my web server alone.
      • I can't afford anything but a C64, you insensitive clod! And my browser doesn't support GET.
    • So instead of dying of the flu, whooping cough, measles, mumps, and rubella, you die of ebola virus. It's not really an improvement. Bots that are harder to hunt down and fix also raise the possibility of greater use of the net as a weapon. Instead of sending spam, the highest bidder on a bot net now uses it to attack financial markets, or DDOS more important communications centers.

      It's not the evolution from amino acids to virus that worries me. It's the evolution from "swinging stone axes & clubs" to
  • by Anonymous Coward on Friday April 20, 2007 @09:15AM (#18811253)
    This was predicted in the past, but here's one of the roadmaps:

    http://www.iwar.org.uk/iwar/resources/treatise-on-iw/iw.htm [iwar.org.uk]

    Quite a lot of reading, but it's not too bad. Seems like all that is happening is that the crooks are catching up with the research faster than the commercial people are.
  • by Opportunist ( 166417 ) on Friday April 20, 2007 @09:16AM (#18811271)
    The time when there was still a market to grow into with botnets is over. The big surge of new, clueless morons filling the net is slowly coming to an end, and even the morons now start using firewalls and AV tools (still no brains, but hey, I'm already happy with small steps).

    So the maximum amount of machines to have is pretty much reached. Now the battle for the precious dimwits started. Well, it started some time ago, but we now get a lot of bot malware that actually tries to kick out the competition.

    What for, one may ask. Why the overhead? I mean, what's wrong with 2 competing botnetters controlling a computer?

    Bandwidth. You can only pump so much spam out of a machine with a given bandwidth. If two try that at the same time, they have to share. And sharing is not really a trait of a botnetter.

    So, let the games for the herd begin. If anyone's looking for me, I'm in the lobby getting popcorn.
    • by Applekid ( 993327 ) on Friday April 20, 2007 @09:22AM (#18811329)
      There's a little more than just bandwidth. If your botnet can gain one extra machine, that's an advantage of +1. If your botnet can gain control of a machine belonging to a competing botnet and kick it off that one into yours, you gain one extra machine and remove one from your opponent for an advantage of +2.

      When it comes down to botnets being commissioned for Spam and DDoS attacks, the one with the most machines gets the highest bid, and the difference between that bid and the second best is likely directly related to how many computers make up the difference.

      There's a bit of an evolutionary war that's continuing. It's not enough to get your bot client installed. It's facing selection pressure from smarter users, better anti-virus/rootkit detection, firewalls making it harder to propagate, and more aggressive opponent bots.

      Sounds very similar to nature's natural selection.
      • As a botnetter, you didn't even try getting into tightly secured machines (at least, you didn't 'til now). Not worth the hassle. There were enough machines to go around that have little to no security, comprised of an unpatched system, no AV (or with an outdated database), no router/fw in front of it and a braindead zombie not only in but also in front of the machine. The dominant way for infections are still mails with malware attachments. I.e. they need the user's aid to actually infect. You have a really
      • by misleb ( 129952 ) on Friday April 20, 2007 @10:14AM (#18811979)

        There's a bit of an evolutionary war that's continuing. It's not enough to get your bot client installed. It's facing selection pressure from smarter users, better anti-virus/rootkit detection, firewalls making it harder to propagate, and more aggressive opponent bots.


        So if there is an intelligent designer behind the changes in the bots in response to selective pressure, is that evolution or intelligent design?

        -matthew
      • Re: (Score:3, Interesting)

        by plover ( 150551 ) *
        And if you use your bot to retrieve a competing bot, you can reverse engineer your opponent's command and control structure. Why fight for one advantage at a time when you can 0wn his entire botnet? Game, set and match.
    • and it has nothing to do with what users do other than use Windoze.

      • Re: (Score:3, Interesting)

        by Opportunist ( 166417 )
        Ain't that easy.

        Windows is the primary target simply because it has a market share of roughly 90% in the consumer area. You may safely assume that a business server is administrated by someone who has at least half a clue and uses security features, no matter how lenient, so the consumer is the core target group for botnetters.

        Since most modern attack schemes rely not on system weaknesses but on user stupidity, this would work in every environment.

        What it really has to do with is users clicking on everythin
        • Almost everything you said is partly correct in some limited cases.

          Some of the browser exploits don't require a user to allow the wrong thing nor visit an obviously bad web site. "Good" web sites get cracked and used as distribution vectors. Exploit chains are created such that malware can get on the box as an ordinary user, then elevate to super-user status by taking advantage of a local privilege escalation vulnerability. The amount of worm traffic probing around the internet, and the continual new
          • The amount of worm traffic probing around the internet, and the continual new versions of botnets with worm capabilities seem to indicate that remote execution holes have not been abandoned as a propagation vector.

            It's low cost and high payoff. A machine can scan 24/7/52. If your box is vulnerable, it WILL be found.

            ...botnet masters don't seem to much care about the nature of the systems they infect. They are clearly a mixture of home users, corporations, and government agencies.

            That's because the attacks a

            • by SL Baur ( 19540 )

              Windows is exploited the most because Microsoft has, in the past, opted for a less secure security model so that Microsoft OS's and apps could be more "user friendly".

              There isn't much of a security model. It's insecure by design. A mail client should never, ever be allowed to execute code received from the outside. It shouldn't even be an option to turn on. Self-executing zip files are a disaster. Always invoke (preferably by hand) an archive unpacker to deal with archives - why do you think unshar was invented? Fix those two problems (which have been documented for a long, long time) and you would go a long ways towards solving the security problem on Microsoft Wi

          • by cdrguru ( 88047 )
            Yes, but...

            The one thing you missed is that perhaps 1% of the available machines will really be vulnerable to attacks, either through user stupidity or unpatched security flaws in some product (OS, Browser or whatnot).

            This brings the numbers more in line with market share where there might be 200,000 available Mac OS machines and 4,000,000 Windows machines.
        • You may safely assume that a business server is administrated by someone who has at least half a clue and uses security features, no matter how lenient, so the consumer is the core target group for botnetters.

          Having worked for a fortune 100 company and later done Windoze upgrades for another, I can say that assumption is anything but safe. It had nothing to do with the users and everything to do with OS choice. The admins worked hard but it was all a waste of time regardless of the amount of money they

    • The use of AV, anti spyware and personal firewall products is increasingly ineffective in preventing infection. If these products are fully up to date, the good ones will currently stop about 80% of the malware thrown at them, and the situation is becoming worse. The trend towards broadband routers with embedded NAT firewalls helps, but infections through email attachments and visiting malicious websites is not going to decrease: it is going to continue to increase. As the botnets become oriented primari
      • With profits already dwarfing that of the global drug business
        Care to back that up with some sources? This seems like a huge overstatement to me...
        • A minute or so with Google, or occasional reading in the field of information security would lead you quickly to understand that those claims are, sadly, not overstatements.
          • A minute or so with Google, or occasional reading in the field of information security would lead you quickly to understand that those claims are, sadly, not overstatements.
            Well, 10 seconds with google pulls up the United Nations estimate that the world drug trade was $320 BILLION dollars in 2005. (0.9% of the worlds GDP!). And the claim of the OP was that 'botnet' profits 'dwarf' this. Come on...really?
        • Re: (Score:3, Insightful)

          The initial realization of the scale of the problem came from an FBI study last year. You can start with Malware Trends [itsecurity.com]. However, it is important to note matters are deteriorating faster than anticipated when that article was written last year.

          You might also read Bumper crop of malware expected in 2007 [techtarget.com] which starts with Gartner's prediction that

          75% of all enterprises will become infected with undetected, financially motivated malware by the end of 2007.

          Unfortunately this is all too real and there are n

      • Re: (Score:3, Interesting)

        by Opportunist ( 166417 )
        What part of it is not true?

        Corporate networks are largely uninteresting. Few people store their personal information on their corporate machines, simply because it would be against their working contract in most places to use the machine for personal business. At best such networks would be interesting for their bandwidth, but they are usually a lot closer monitored than private machines and nets.

        Yes, the stealthiness will increase. It already does. 2 years ago the average malware was an easily detectable p
  • Evolution (Score:5, Insightful)

    by Shambly ( 1075137 ) on Friday April 20, 2007 @09:16AM (#18811273)
    I think this one-upmanship is very good. Sure bots are bad but if we look at a virus they are now developing a symbiotic relationship with the hosts. How long until they become indispensable to the security unconscious consumer. Sorta like how bacteria evolved into helping the organism it inhabited. Very interesting to see where this will ultimately lead.
    • for every bacteria that helps an organism, there are probably 2 or 3 that hurt them but this analogy is particularly weak because these computer viruses are only taking their beneficial steps to a certain point...they're not stopping themselves from ruining your PC. i'm not sure why you'd want a rooted computer that steals your bandwidth, your data, and ultimately your money just because it keeps other viruses from doing the same
    • Re:Evolution (Score:4, Informative)

      by vivaoporto ( 1064484 ) on Friday April 20, 2007 @09:49AM (#18811627)
      I can tell you in advance, without charge, where this will lead. Just like a disease vector [wikipedia.org], these machines will continue to be used by the botnet masters to infect other machines, spread SPAM, steal the very machine owner's personal data and, in general, obfuscate illegal activities.

      I don't know from where people commenting this article got the idea that having only one "infection" that doesn't totally destroy the machine is a good thing, even for the machine owner. Actually, it is much worse, because if people don't notice any different behavior they will not worry to fix the machine, even if they know about the infection. And in the end of the day, they will be the first to lose their money in some scam that they inadvertently help to spread.

      People don't infect machines nowadays on the evilness of their hearts, only to wreak havoc or for bragging rights, not anymore. Now they do it for profit, it is organized crime that is happening there. Have no illusions about it.
  • Oblig (Score:5, Funny)

    by xBOISEx ( 1089557 ) on Friday April 20, 2007 @09:18AM (#18811291) Homepage
    "Begun, this bot war has"
    • by gmuslera ( 3436 )
      One Botnet to rule them all, One Botnet to find them, One Botnet to bring them all, and in the spam sink us
  • All we need is to build a botnet capable of hunting down and destroying other botnets... or perhaps converting them? Kind of the Internet equivalent of an evangelist...

    • Or we could just put their signature in an antivirus/antitrojan ?
      Which is basically the result of the work of people working in companies using reports, honeypots and their brains.
    • The problem with that is that the people who are using botnets for commercial purposes are way way way the hell ahead in the arms race. They already know what they're doing. And there's no reason to believe that they're stupid; they've accomplished so much...
  • by hcmtnbiker ( 925661 ) on Friday April 20, 2007 @09:23AM (#18811333)
    *Cues West Side Story finger snapping*
  • by gurps_npc ( 621217 ) on Friday April 20, 2007 @09:26AM (#18811363) Homepage
    hunts down pop-up advertisement programs and either destroys them or tags them (so that pop-up blockers will automatically shut them down).

    With all the punk 1eet programmers out there, you would think that someone would spend time writing this instead of silly viruses.

    I am tired of having pop-up advertisements beat my pop-up blocker.

  • How long until a botnet becomes sentient and decides to eradicate humanity? ;-)

    I keep telling people those Windows machines are dangerous. This puts them on a whole new scale.
  • "Hawt Botnet on Botnet Action". With links to robot porn.
  • Forget anti-virus or malware vendors. We'll just admit that we live in the wild west/various mob ruled internet. How long do you think that it'll take them to figure out that they might be able to shake down the owners of those PCs for say a $30 a year "protection" fee from other anti-virus/anti-malware/ general evil spreading software products?
  • by Maximum Prophet ( 716608 ) on Friday April 20, 2007 @09:43AM (#18811555)
    If botnet A installs patches 1,2 & 3, and botnet B simultaneously installs patches 4, 5, & 6, could the target machines be completely immunized after the next reboot?
    • Re: (Score:3, Informative)

      by Yetihehe ( 971185 )
      Yes, but they still have those two botnets so they are not secure.
    • Would one of you /. geniuses please discover a manual config of this idea so that we can breed an army of WinMules that can't reproduce any more bots?

      The irony would be delicious.
    • could the target machines be completely immunized after the next reboot?

      You're forgetting one thing. SouthKorean machines with devils-own XP (no SP) which CANNOT be secured until they install SP2. I wonder how the botnets will do this, and if they do, I'd like to watch :)
  • A lot of disputes in the old wild west arose from open ranges, where "anyone" could graze. In practice it led to nasty disputes and illegal attempts to fence off ranges. I reckon it might be amenable to economic approaches. [clubtroppo.com.au]
  • Map? (Score:3, Interesting)

    by andrewd18 ( 989408 ) on Friday April 20, 2007 @11:03AM (#18812633)
    What I'd like to see is a map of IP addresses, perhaps by provider, with the "turf" colored by type of infection. That would be awesome.
  • the botnet has you.
  • For the folks discussing having 'good' botnets, does anyone remember the Nachi worm? Its purpose was to use the same Windows RPC DCOM vulnerability that Lovesan (an 'evil' worm) used. It would then kill the lovesan processes and download the necessary patches from M$ to prevent further re-infection. It would then search out network segments for other machines to 'fix'. Nice in concept, but the amount of network traffic that this created when it was in search mode would overwhelm closet switches in a decent
  • by qengho ( 54305 )
    Wow. Distributed Core Wars [wikipedia.org].
